Corporate Compliance Insights

You’re GDPR Compliant …Now What?

by Stephanie Quaranta
July 23, 2018
in Data Privacy, Featured

4 Next Steps

With the European Union’s General Data Protection Regulation (GDPR) deadline now behind us, the real work of maintaining ongoing compliance begins. In this article, Gartner’s Stephanie Quaranta outlines the actions privacy and compliance executives should take for the rest of 2018 and into next year to ensure the effectiveness of GDPR-related changes.

The past two years have been busy ones for privacy and compliance executives. The formation of the General Data Protection Regulation (GDPR) in April 2016 gave organizations just over two years to understand the requirements, conduct a gap analysis and create and execute a plan for bringing their organizations into compliance.

Since then, privacy and compliance executives have led the charge in appointing Data Protection Officers, building out data protection impact assessment processes, revisiting breach requirements and much more. After two years spent focused on preparing their organizations for the May 25, 2018 implementation deadline, privacy and compliance executives are finally able to pick their heads up and take stock of the changes made. But now they are left to wonder: what’s next?

Though there is no one right answer to that question, there are four areas most organizations will want to invest in between now and 2020 to maintain ongoing compliance.

1. Operationalize Updated Standards and Policies

Organizations have spent the past two years building policies, procedures and processes to outline their organizations’ GDPR compliance strategy. Now, with the regulation in full force, privacy and compliance executives must focus on how to embed the changes they made in light of GDPR into business systems and operations. To enable this, organizations are targeting heavily impacted segments of the business for training, communications and ongoing partnership.

For example, while most B2C companies have been primarily focused on the management of customer data, GDPR stresses the importance of employee and candidate data and the need for a strong partnership with HR. GDPR impacts how record retention policies can be applied to employee and candidate records. Moreover, by giving individuals the right “not to be subject to a decision based solely on automated processing,” the regulation has introduced new challenges to how organizations manage talent analytics, from the recruiting phase throughout the employee life cycle. Impacted groups, from customer service representatives to sales teams, will need targeted messaging and support to understand how they must adapt their workflows in a post-GDPR world.

2. Ensure Effective Information Governance

Though improving information governance has long been a priority for privacy and compliance executives, GDPR execution has taken it off the back burner by introducing new and often complex requirements for how information should be collected, used and stored – and by raising the stakes for getting it wrong.

As a result, most organizations are investing in formalizing their information governance efforts. In fact, 37 percent of organizations have already put a formal information governance framework in place, while another 40 percent plan to implement one in the next 12 to 18 months. The vast majority of privacy and compliance executives plan to leverage their framework in ways that will support ongoing GDPR compliance, from building a more comprehensive understanding of the organization’s data assets to arriving at guidelines for the collection, use and retention of information across the organization.

Privacy and compliance executives should take advantage of the newfound momentum behind information governance initiatives to increase the function’s participation in decisions about the strategic use and appropriate protection of the organization’s information assets.

3. Drive GDPR Compliance into Third-Party Networks

For many privacy and compliance executives, the lesson of recent high-profile bribery and corruption failures or data breaches has been “ignore your third parties at your own peril.” Now that their own organizations are GDPR ready, these executives are turning their focus to the data processors in their third-party networks. In advance of the May 25 deadline, many organizations used their contracts with third parties as a way to ensure GDPR compliance, at least for the short term, by adding short addenda covering GDPR requirements or, in the case of larger third-party relationships, revisiting the contract in its entirety. To maintain ongoing compliance, however, privacy and compliance executives must feel confident that their third-party partners have fully operationalized GDPR requirements. To do so, they will need to (a) educate third-party business sponsors about the changed expectations placed on third-party partners, (b) strengthen due diligence partnerships with procurement and other groups at the organization and (c) agree on a process for monitoring third-party compliance after the due diligence phase.

4. Monitor the Effectiveness of Your GDPR Readiness Efforts

Building new policies and processes was key to meeting the May 25 GDPR implementation date, but to maintain ongoing compliance, privacy and compliance executives need to be sure that those policies and processes are actually working. Currently, organizations are going about this in different ways. Some organizations are conducting tabletop exercises and mock data breaches to ensure they are able to meet the GDPR’s 72-hour reporting requirement, should they need to. Others have put in place a set of GDPR-related metrics, tracking everything from how long it takes to locate and delete a certain individual’s data to how many customers are clicking on updated privacy policies or explanations of how to view and revoke consent. Finally, there are organizations conducting formal audits of their GDPR readiness efforts, from their process for meeting a data subject’s access request to their updated consent procedures.

Though the approach might differ, the common denominator is clear: organizations want to test the processes they’ve put in place to both verify effectiveness and identify any potential issues before violations crop up.

On May 25 the real work of ensuring ongoing GDPR compliance began. For privacy and compliance executives, that will mean strengthening relationships with key partners to ensure that two years of GDPR readiness efforts have been effectively translated into operations.


Stephanie Quaranta

Stephanie Quaranta is a data privacy research director at Gartner. In her role, she works with legal, compliance, and privacy executives at Fortune 500 companies to identify and prepare for emerging risks, embed privacy risk management into business operations, and work effectively with business and functional partners across the organization. Stephanie holds a B.A. in International Studies from Boston College, and an M.A. in International Economics from the Paul H. Nitze School of International Studies at the Johns Hopkins University.
